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AMENDMENTS TO THE CLAIMS 

1-66. (Cancelled) 

67. (Currently Amended) A method of employing a resource server to providing a provide 
resources to a client, the method comprising: 

associating each resource with a respective age threshold on the basis of a level of 
security desired for the resource, in which the age threshold represents the oldest allowable age 
of a membership certificate that can be associated with a request for the resource, such that the 
resource can be provided in reply to the request only if the membership certificate has an age that 
is not older than the oldest allowable age, 

receiving a request fi'om a the client for at least one of the resources, the request 
including being associated with a membership certificate that was issued by a server other than 
the resource server and that c e rtifying certifies at least one of group membership and group non- 
membership of the client as of a time associat e d with th e m e mb e rship c e rtificat e, 

d e t e rmining wh e th e r a signatur e associat e d with th e m e mb e rship c e rtificat e is valid, 
determining an age of the membership certificate relative to that time, 
for each of the at least one resource that is requested by the client: 

comparing the time age of the membership certificate with a the r e c e ncy age 
threshold associated with the resource^ and 

providing the resource to the client only if th e signatur e is valid and the time age 
is within not older than the r e cency age threshold. 

68. (Previously Presented) The method of claim 67, wherein the membership certificate 
certifies group membership, and providing the resource to the client fiirther includes: 

providing the resource to the client only if the group is associated with an access control- 
list. 
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69. (Previously Presented) The method of claim 67, wherein the membership certificate 
certifies group non-membership, and providing the resource to the client fiirther includes: 

providing the resource to the client only if the group is associated with a non-access 
control-list. 

70. (Currently Amended) A system for providing a resources to a client, the system comprising: 

on e or more r e sourc e s associat e d with on e or mor e r e sp e ctiv e rec e ncy thr e sholds , 
a resource server that is in communication with the client, that controls access to the ene 
or mor e resources, and that is th e s e rv e r configured to: 

associate each resource with a respective age threshold on the basis of a level of 
security desired for the resource, in which the age threshold represents the oldest allowable age 
of a membership certificate that can be associated with a request for the resource, such that the 
resource can be provided in reply to the request only if the membership certificate has an age that 
is not older than the oldest allowable age, 

receive a request fi*om the client for at least one of the on e or mor e resources, the 
request including being associated with a membership certificate that was issued by a server 
other than the resource server and that c e rtifying certifies at least one of group membership and 
group non-membership of the client as of a time associat e d with th e m e mb e rship c e rtificat e, 

d e t e rmin e wh e th e r a signatur e associat e d with th e m e mb e rship c e rtificat e is valid, 
determine an age of the membership certificate relative to that time, 
for each of the at least one resource that is requested by the client: 

compare the time age of the membership certificate with the r e c e ncy age 
threshold associated with the on e of th e on e or mor e resources, and 

provide the resource to the client only if th e signatur e is valid and the time 
age is within the r e c e ncy age threshold. 

71. (Cancelled) 
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72. (Previously Presented) The system of claim 70, wherein the membership certificate certifies 
group membership, and the server is configured to: 

provide the resource to the client only if the group is associated with an access control- 
list. 

73. (Previously Presented) The system of claim 70, wherein the membership certificate certifies 
group non-membership, and the server is configured to: 

provide the resource to the client only if the group is associated with a non-access 
control-list. 

74. (Currently Amended) A processor-readable medium including instructions to cause a 
processor of a resource server to: 

associate each of two or more resources with a respective age threshold on the basis of a 
level of security desired for the resource, in which the age threshold represents the oldest 
allowable age of a membership certificate that can be associated with a request for the resource, 
such that the resource can be provided in reply to the request only if the membership certificate 
has an age that is not older than the oldest allowable age, 

receive a request from a client for at least one of the two or more resources, the request 
including being associated with a membership certificate that was issued by a server other than 
! the resource server and that c e rtifying certifies at least one of group membership and group non- 

membership of the client as of a time associated with th e m e mb e rship c e rtificat e, 

d e termin e whether a signatur e associat e d with th e m e mb e rship c e rtificat e is vaUd, 
I determine an age of the membership certificate relative to that time, 

for each of the at least one resource that is requested by the client: 

compare the ^me age of the membership certificate with the r e c e ncy age 
threshold associated with the resource, and 

provide the resource to the client only if th e signatur e is valid and the time age is 
within the r e c e ncy age threshold. 



FHBoston/l 032447.4 



7 



Attorney Docket No. SMY-012.01 

P3685 

75. (New) The processor program of claim 74, wherein the membership certificate certifies 
group membership, and the instructions to provide the resource to the cHent further include 
instructions to: 

provide the resource to the client only if the group is associated with an access control- 
list. 

76. (New) The processor program of claim 74, wherein the membership certificate certifies 
group non-membership, and the instructions to provide the resource to the chent further include 
instructions to: 

provide the resource to the client only if the group is associated with a non-access 
control-list. 

77. (New) A processor data-signal for providing a r e sourc e to a cli e nt, th e proc e ssor data signal 
b e ing embodied in a carrier wave and representing instructions to cause a processor of a resource 
server to: 

associate each of two or more resources with a respective age threshold on the basis of a 
level of security desired for the resource, in which the age threshold represents the oldest 
allowable age of a membership certificate that can be associated with a request for the resource, 
such that the resource can be provided in reply to the request only if the membership certificate 
has an age that is not older than the oldest allowable age, 

receive a request from a client for at least one of the two or more resources, the request 
including being associated with a membership certificate that was issued by a server other than 
the resource server and that c e rtifying certifies at least one of group membership and group non- 
membership of the client as of a time associat e d with th e m e mb e rship c e rtificat e, 

d e t e rmin e wh e th e r a signatur e associat e d with th e m e mb e rship c e rtificat e is valid, ' 

determine an age of the membership certificate relative to that time, 

I 
I 

for each of the at least one resource that is requested by the client: 

compare the time age of the membership certificate with the r e c e ncy age 

threshold associated with the resource, and 

provide the resource to the client only if th e signature is valid and the time age is 

within the r e c e ncy age threshold. 
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78. (New) The processor data-signal of claim 77, wherein the membership certificate certifies 
group membership, and the instructions to provide the resource to the client further include 
instructions to: 

provide the resource to the client only if the group is associated with an access control- 
list. 

79. (New) The processor data-signal of claim 77, wherein the membership certificate certifies 
group non-membership, and the instructions to provide the resource to the client further include 
instructions to: 

provide the resource to the client only if the group is associated with a non-access 
control-Ust. 
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